Finding Security Bugs in Web Applications using a Catalog of Access Control Patterns
We propose a specification-free technique for finding missing security checks in web applications using a catalog of access control patterns in which each pattern models a common access control use case. Our implementation, Space, checks that every data exposure allowed by an application's cod...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Article |
Language: | en_US |
Published: | Association for Computing Machinery (ACM), 2016 |
Online Access: | http://hdl.handle.net/1721.1/102281 https://orcid.org/0000-0003-4864-078X |